PT-2006-5340 · Lyris · Lyris Listmanager
Published 2006-09-06 · Updated 2018-10-17 · CVE-2006-4547
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Lyris ListManager version 8.95
Description
The issue allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name. This reveals the details of the underlying SQL query, possibly due to a forced SQL error or SQL injection.
Recommendations
For Lyris ListManager version 8.95, consider restricting access to user addition functionality until a fix is available, and avoid using the name variable with special characters in the affected API endpoint.
Affected products
Lyris Listmanager